use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class AnyUnblockedGrantPermissionPolicy method hasUnblockedPathToGrant.
/**
* This method performs the actual, low-level checking of a single activity and target. It IS
* responsible for performing the same check for affiliated groups in the Groups hierarchy, but
* it is NOT responsible for understanding the nuances of relationships some activities and/or
* targets have with one another (e.g. MANAGE_APPROVED, ALL_PORTLETS, etc.). It performs the
* following steps, in order:
*
* <ol>
* <li>Find out if the specified principal is <em>specifically</em> granted or denied; if an
* answer is found in this step, return it
* <li>Find out what groups this principal belongs to; convert each one to a principal and
* seek an answer by invoking ourselves recursively; if an answer is found in this step,
* return it
* <li>Return false (no explicit GRANT means no permission)
* </ol>
*/
private boolean hasUnblockedPathToGrant(IAuthorizationService service, IAuthorizationPrincipal principal, IPermissionOwner owner, IPermissionActivity activity, IPermissionTarget target, Set<IGroupMember> seenGroups) throws GroupsException {
    // Authorization decision for one principal/activity/target triple. Every exit other than an
    // explicit, active GRANT returns false, so the method fails closed.
    if (log.isTraceEnabled()) {
        log.trace("Searching for unblocked path to GRANT for principal '{}' to '{}' on target '{}' having already checked: {}", principal.getKey(), activity.getFname(), target.getKey(), seenGroups);
    }

    // Step 1: permissions attached directly to this principal. Inactive entries are dropped
    // first so that only active permissions take part in the decision.
    final Set<IPermission> active = removeInactivePermissions(service.getPermissionsForPrincipal(principal, owner.getFname(), activity.getFname(), target.getKey()));

    // DENY is tested before GRANT: a DENY on this principal blocks this path even when a GRANT
    // is also present, and no parent group is consulted.
    if (containsType(active, IPermission.PERMISSION_TYPE_DENY)) {
        return false;
    }
    if (containsType(active, IPermission.PERMISSION_TYPE_GRANT)) {
        if (log.isTraceEnabled()) {
            log.trace("Found unblocked path to this permission set including a GRANT: {}", active);
        }
        return true;
    }

    // Step 2: no direct answer, so ask the groups that immediately contain this principal.
    final IGroupMember self = service.getGroupMember(principal);
    if (seenGroups.contains(self)) {
        // Already examined during this search; stopping here keeps the walk finite.
        // NOTE(review): this false means "already visited", not "denied" -- confirm that
        // hasUnblockedPathToGrantWithCache does not store it as a definitive answer.
        if (log.isTraceEnabled()) {
            log.trace("Declining to re-examine principal '{}' for permission to '{}' on '{}' because this group is among already checked groups: {}", principal.getKey(), activity.getFname(), target.getKey(), seenGroups);
        }
        return false;
    }
    // The caller's set is mutated and handed on to every parent lookup below.
    seenGroups.add(self);

    for (IGroupMember parent : self.getParentGroups()) {
        try {
            if (parent == null) {
                continue;
            }
            final IAuthorizationPrincipal parentPrincipal = service.newPrincipal(parent);
            if (hasUnblockedPathToGrantWithCache(service, parentPrincipal, owner, activity, target, seenGroups)) {
                // One granting parent is enough; the remaining parents are not evaluated.
                return true;
            }
        } catch (Exception e) {
            // A failure while evaluating one parent is logged and that parent contributes
            // nothing: it cannot grant, and it does not stop the remaining parents from
            // being tried.
            log.error("Error evaluating permissions of parent group [" + parent + "]", e);
        }
    }

    // Step 3: nobody produced an explicit GRANT, so there is no permission.
    return false;
}
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class GroupService method initializeCompositeService.
/** @exception GroupsException */
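private void initializeCompositeService() throws GroupsException {
    // Builds compositeGroupService from the factory class named by the "compositeFactory"
    // attribute of the service configuration.
    //
    // Throws GroupsException when the attribute is missing, or when reading the configuration,
    // loading or instantiating the factory, or creating the service fails.
    String factoryName;
    try {
        GroupServiceConfiguration cfg = getServiceConfiguration();
        factoryName = (String) cfg.getAttributes().get("compositeFactory");
        if (factoryName != null) {
            // The configuration decides which class gets loaded and constructed here, so it has
            // to be treated as trusted input. asSubclass() checks the type BEFORE the constructor
            // runs, so a class that is not a factory is rejected without being instantiated.
            // Class.forName(String) still initializes the class (static initializers run).
            ICompositeGroupServiceFactory serviceFactory = Class.forName(factoryName).asSubclass(ICompositeGroupServiceFactory.class).newInstance();
            compositeGroupService = serviceFactory.newGroupService();
        }
    } catch (Exception e) {
        String eMsg = "GroupService.initialize(): Problem creating groups service... " + e.getMessage();
        LOGGER.error(eMsg, e);
        throw new GroupsException(eMsg, e);
    }
    if (factoryName == null) {
        // Raised outside the try block so the broad catch above does not log this condition a
        // second time and wrap it in another GroupsException.
        String eMsg = "GroupService.initialize(): No entry for CompositeServiceFactory in configuration";
        LOGGER.error(eMsg);
        throw new GroupsException(eMsg);
    }
}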
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class FileSystemGroupStore method findParentGroups.
/**
* Returns an <code>Iterator</code> over the <code>Collection</code> of <code>IEntityGroups
* </code> that the <code>IEntity</code> belongs to.
*
* @return java.util.Iterator
* @param ent org.apereo.portal.groups.IEntity
*/
protected Iterator findParentGroups(IEntity ent) throws GroupsException {
    // Scans every file below the root for the entity's type and collects the group for each
    // file whose id list contains the entity's key.
    if (log.isDebugEnabled()) {
        log.debug(DEBUG_CLASS_NAME + ".findParentGroups(): for " + ent);
    }
    List matches = new ArrayList();
    File typeRoot = getFileRoot(ent.getType());
    if (typeRoot == null) {
        // No root for this entity type: the entity belongs to no group in this store.
        return matches.iterator();
    }
    File[] candidates = getAllFilesBelow(typeRoot);
    try {
        for (File candidate : candidates) {
            Collection memberIds = getEntityIdsFromFile(candidate);
            if (memberIds.contains(ent.getKey())) {
                matches.add(find(candidate));
            }
        }
    } catch (IOException ex) {
        // A single unreadable file aborts the whole lookup instead of yielding a partial
        // membership list.
        throw new GroupsException("Problem reading group files", ex);
    }
    return matches.iterator();
}
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class FileSystemGroupStore method findMemberGroupKeys.
/**
* Returns a <code>String[]</code> containing the keys of <code>IEntityGroups</code> that are
* members of this <code>IEntityGroup</code>. In a composite group system, a group may contain a
* member group from a different service. This is called a foreign membership, and is only
* possible in an internally-managed service. A group store in such a service can return the key
* of a foreign member group, but not the group itself, which can only be returned by its local
* store.
*
* @return String[]
* @param group org.apereo.portal.groups.IEntityGroup
*/
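public java.lang.String[] findMemberGroupKeys(IEntityGroup group) throws GroupsException {
    // Resolves the group to its backing file. A directory yields one key per entry listed in
    // it; a plain file yields the group ids read from the file.
    File f = getFile(group);
    if (f.isDirectory()) {
        File[] files = f.listFiles();
        if (files == null) {
            // File.listFiles() returns null when the directory cannot be read (I/O error, or
            // the path stopped being a directory after the isDirectory() check). Report that
            // as a GroupsException instead of failing with a NullPointerException below.
            throw new GroupsException(DEBUG_CLASS_NAME + ".findMemberGroupKeys(): " + "could not list directory " + f.getPath());
        }
        String[] keys = new String[files.length];
        for (int i = 0; i < files.length; i++) {
            keys[i] = getKeyFromFile(files[i]);
        }
        return keys;
    }
    try {
        Collection groupKeys = getGroupIdsFromFile(f);
        return (String[]) groupKeys.toArray(new String[groupKeys.size()]);
    } catch (IOException ex) {
        throw new GroupsException(DEBUG_CLASS_NAME + ".findMemberGroupKeys(): " + "problem finding group members", ex);
    }
}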
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class FileSystemGroupStore method getEntitiesFromFile.
/**
* @param idFile java.io.File - a file of ids.
* @return entities Collection.
*/
protected Collection getEntitiesFromFile(File idFile) throws GroupsException {
    // Reads the ids stored in idFile and turns each one into an entity of the type derived
    // from the file.
    if (log.isDebugEnabled()) {
        log.debug(DEBUG_CLASS_NAME + "getEntitiesFromFile(): for " + idFile.getPath());
    }
    Class entityType = getEntityType(idFile);
    // Reject the file before reading it when its type is not a registered entity type.
    if (EntityTypesLocator.getEntityTypes().getEntityIDFromType(entityType) == null) {
        throw new GroupsException("Invalid entity type: " + entityType);
    }
    Collection keys;
    try {
        keys = getEntityIdsFromFile(idFile);
    } catch (Exception ex) {
        throw new GroupsException("Problem retrieving keys from file", ex);
    }
    Collection result = new ArrayList(keys.size());
    for (Object rawKey : keys) {
        // The cast mirrors the store's contract that ids are Strings; anything else fails
        // here with a ClassCastException.
        result.add(GroupService.getEntity((String) rawKey, entityType));
    }
    if (log.isDebugEnabled()) {
        log.debug(DEBUG_CLASS_NAME + "getEntitiesFromFile(): Retrieved " + result.size() + " entities");
    }
    return result;
}